
Re: The cost of choices




Earl Hood wrote:


On July 28, 2005 at 16:57, Jim Fenton wrote:



And to extend it further, the SSP should provide the ability to
list which domains are allowed to do third-party signing.  Otherwise,
if it is a boolean switch, turning on the switch opens you up to
spoofing attacks.



If someone outside the domain is an authorized sender, how about delegating a key (selector) to them so that they can apply a first-party signature? This can either be done on an individual-selector basis, or it's even possible to delegate a selector hierarchy (*.outsource._domainkey.example.com) to them.



I'm not seeing how this prevents a malicious domain from spoofing the OP identity if the OP has third-party signatures enabled?

If you can provide a more detailed example, I would appreciate it.


Note that this is mainly a question of what the receiver does once it's validated
a signature (e.g., the RSA check succeeds). At that point, the receiver can try
to see if the signature binds to an outside address -- like say the From address.
If there isn't an intact signature bound to the From: address, the receiver MUST
check the signing policy of the From: domain. If it is o=!, then it should consider
the other potentially valid signatures as if they didn't exist.


Mike
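
The receiver-side check described in the reply above, as an added example that is not part of the original message or of any DKIM implementation. It assumes that a signature "binds" to the From: address when its signing domain equals the From: domain or is a parent of it; `VerifiedSig`, `lookup_policy` and the sample domains are hypothetical, and only the `o=!` value comes from the thread.

```python
from dataclasses import dataclass
from email.utils import parseaddr

EXCLUSIVE = "o=!"  # the only policy value named in the thread

@dataclass(frozen=True)
class VerifiedSig:
    """A signature whose cryptographic (RSA) check has already succeeded."""
    d: str         # signing domain
    selector: str  # selector the public key was published under

def from_domain(from_header):
    """Extract the lower-cased domain of the From: address."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".")

def binds_to(sig, domain):
    # Assumption: "binds" means the signing domain equals the From: domain
    # or is a parent of it. Whole labels are compared, so a signing domain
    # of "ample.com" does not bind to "example.com".
    d = sig.d.lower().rstrip(".")
    return bool(d) and (domain == d or domain.endswith("." + d))

def evaluate(from_header, sigs, lookup_policy):
    """Return (signatures still to be considered, policy_was_consulted).

    lookup_policy is a hypothetical callable: From: domain -> policy string.
    """
    domain = from_domain(from_header)
    if any(binds_to(s, domain) for s in sigs):
        return list(sigs), False   # a signature is bound to From:
    if lookup_policy(domain) == EXCLUSIVE:
        return [], True            # treat the other signatures as absent
    return list(sigs), True        # the thread states no rule for this case

# Constructed sample data: example.com publishes o=!, other domains do not.
POLICIES = {"example.com": EXCLUSIVE}

def sample_policy(domain):
    return POLICIES.get(domain, "unspecified")  # placeholder for any other policy

# Outsourcer signing with a delegated selector: still a first-party signature.
DELEGATED = VerifiedSig("example.com", "mail.outsource")
# Valid signature from an unrelated domain.
THIRD_PARTY = VerifiedSig("list.example.net", "s1")

if __name__ == "__main__":
    print(evaluate("Alice <alice@example.com>", [DELEGATED], sample_policy))
    print(evaluate("Alice <alice@example.com>", [THIRD_PARTY], sample_policy))
```
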